Microservices have recently become a very popular technique for application development. The paradigm brings significant value for certain types of applications, and the community certainly seems to be trending in this direction over the last few years. As with any development or architectural style, there are trade-offs. While there are many benefits to the microservices architecture, there are also drawbacks. When considering security, there are some unique benefits and challenges associated with this style. This talk will look at some of the interesting issues that arise when securing microservices and give some practical advice for those dealing with this task. This talk will cover architectural and design changes, those that relate specifically to security, that arise when migrating to a microservices architecture, and will provide recommendations on how to leverage the benefits and address the challenges from these changes.
In this talk you will learn:
- Security-related architectural and design concerns related to microservices
- How these architectural changes benefit and challenge security in a system
- Questions you need to address as an architect or developer to ensure appropriate security protections exist in your system
- Provide recommendations on how to leverage the benefits and address the challenges from these fundamental architectural changes to better secure your systems
- Pointers to open-source tools that can be applied to benefit from these changes
John is currently a principal product security engineer at NetSuite. His previous positions have been focused on secure software engineering, in the technology, financial and defense sectors. He also volunteers at OWASP, working primarily on the AppSensor project.